<?php
// Resume the session: $_SESSION["pseudo"] is what the handlers below treat as the caller's identity.
session_start();
// $bddPdo is used below but never assigned in this file - presumably connect.php creates it (TODO confirm).
require("connect.php");
// tempsPoster() is called below but not defined here - presumably it lives in fonction.php (TODO confirm).
include("fonction.php");

if(isset($_GET['motclef'])){

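    // Prefix search on status labels. The keyword comes straight from the query
    // string: it is bound as a PDO parameter for the SQL and HTML-escaped before
    // it (or any stored label) is written into the response.
    $motclef = is_string($_GET['motclef']) ? $_GET['motclef'] : '';

    $sql = 'SELECT libelle FROM statuts WHERE libelle like :motclef';
    $req = $bddPdo->prepare($sql);
    $req->execute(array('motclef' => $motclef . '%'));

    // fetchAll() replaces rowCount($sql): rowCount() accepts no argument and is
    // not guaranteed to report the size of a SELECT result on every driver.
    $resultats = $req->fetchAll(PDO::FETCH_OBJ);

    if ($resultats) {
        foreach ($resultats as $result) {
            // Labels are user-supplied status messages: escape on output.
            echo "<br/>Message: " . htmlspecialchars($result->libelle, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . "<br/>";
        }
    } else {
        // The keyword is reflected back to the browser, so it is escaped too.
        echo "Aucun resultat pour : " . htmlspecialchars($motclef, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    }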
}else{
	
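	// JSON payload returned to the client at the end of the request.
	$d = array();

	// Registration is the one action reachable without a login, so the caller is
	// given the placeholder identity "visiteur" to get past the session check
	// that follows. isset() covers a request that carries no "action" field.
	// NOTE(review): this also replaces the pseudo of an already authenticated
	// session, and the placeholder stays in the session for later requests.
	if (isset($_POST["action"]) && $_POST["action"] === 'addMembre') {
		$_SESSION["pseudo"] = "visiteur";
	}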
	
	if (!isset($_SESSION["pseudo"]) || empty($_SESSION["pseudo"]) || !isset($_POST["action"])){
		header("Location:logout.php");
	}else{
	    
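	    // Import only the form fields this script reads as bare variables.
	    // extract() on the whole of $_POST lets a request overwrite any variable
	    // already in scope (for example $d or $bddPdo); the allow-list limits the
	    // names that can be created and EXTR_SKIP refuses to replace existing ones.
	    // NOTE(review): the list was built from the variables used in this file -
	    // confirm nothing in fonction.php relies on other request fields as globals.
	    $champsAttendus = array(
	        'message', 'lastid', 'mypseudo', 'mdp', 'nom', 'prenom', 'mail', 'nombre',
	        'info', 'champs', 'idForm', 'lastIdCommentaire', 'type', 'id', 'nomInfo', 'idInfo',
	    );
	    extract(array_intersect_key($_POST, array_flip($champsAttendus)), EXTR_SKIP);

	    // Escaped copy of the session identity for the string-built queries below.
	    // NOTE(review): mysql_escape_string() ignores the connection charset and no
	    // longer exists in PHP 7+; bound parameters on $bddPdo are the replacement.
	    $pseudo = mysql_escape_string($_SESSION["pseudo"]);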
	
	
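	    /************************
	    * Action: addMessage
	    * Stores a new status message for the session user
	    ********************************/

	    if ($_POST["action"] == "addMessage") {
	        // Bound parameters replace the hand-escaped, string-built INSERT. The raw
	        // session pseudo is bound because $pseudo was escaped for string SQL.
	        // NOTE(review): assumes $bddPdo targets the same database as the legacy
	        // mysql_* link (both use the statuts table) - confirm in connect.php.
	        $texte = (isset($_POST["message"]) && is_string($_POST["message"])) ? $_POST["message"] : '';

	        $ajout = $bddPdo->prepare('INSERT INTO statuts(date_statut, pseudo, libelle) VALUES (:date_statut, :pseudo, :libelle)');
	        $params = array(
	            'date_statut' => time(),
	            'pseudo'      => $_SESSION["pseudo"],
	            'libelle'     => $texte,
	        );
	        if (!$ajout || !$ajout->execute($params)) {
	            // Stop as before, but without sending the driver error text to the client.
	            die('Erreur SQL');
	        }
	        $d["erreur"] = "ok";
	    }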
	    
	    
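	    /************************
	    * Action: getMessages
	    * Returns, as an HTML fragment, every status newer than the client's last id
	    ********************************/

	    if ($_POST["action"] == "getMessages") {
	        // NOTE(review): assumes $bddPdo targets the same database as the legacy
	        // mysql_* link (both use the statuts table) - confirm in connect.php.
	        $lastid = (isset($_POST["lastid"]) && is_numeric($_POST["lastid"])) ? (int) floor((float) $_POST["lastid"]) : 0;

	        $req = $bddPdo->prepare('SELECT * FROM statuts WHERE ID_STATUT > :lastid ORDER BY date_statut ASC');
	        if ($req) {
	            $req->bindValue(':lastid', $lastid, PDO::PARAM_INT);
	        }
	        if (!$req || !$req->execute()) {
	            die('Erreur SQL');
	        }
	        // Read the whole result first so the author lookups can run inside the loop.
	        $statuts = $req->fetchAll(PDO::FETCH_ASSOC);

	        // The author's pseudo comes back from the database but was originally typed
	        // by a user, so it is bound rather than concatenated into the lookup.
	        $reqMembre = $bddPdo->prepare('SELECT * FROM users WHERE PSEUDO = :pseudo');
	        if (!$reqMembre) {
	            die('Erreur SQL');
	        }

	        $echap = ENT_QUOTES | ENT_SUBSTITUTE;
	        $d["result"] = "";
	        $d["lastid"] = $lastid;
	        foreach ($statuts as $data) {
	            if (!$reqMembre->execute(array('pseudo' => $data['pseudo']))) {
	                die('Erreur SQL');
	            }
	            $donne = $reqMembre->fetch(PDO::FETCH_ASSOC);
	            $reqMembre->closeCursor();

	            // Names and message text are user-controlled: escape them for HTML.
	            $prenom = $donne ? htmlspecialchars(ucfirst($donne["PRENOM"]), $echap, 'UTF-8') : '';
	            $nomAuteur = $donne ? htmlspecialchars(ucfirst($donne["NOM"]), $echap, 'UTF-8') : '';
	            $texte = htmlspecialchars($data["libelle"], $echap, 'UTF-8');
	            // The id is placed inside attributes and inline script, so force an integer.
	            $numberMsg = (int) $data["ID_STATUT"];

	            $d["result"] .= '<div class="msg" id="message'.$numberMsg.'"  onMouseOver=document.getElementById("imgSuppr'.$numberMsg.'").style.visibility="visible" onMouseOut=document.getElementById("imgSuppr'.$numberMsg.'").style.visibility="hidden" >
								<input type="image" id="imgSuppr'.$numberMsg.'" class="btnSuppr" src="images/suppr.png" onclick="suppr('.$numberMsg.', 2);" style="visibility:hidden"/><img src="images/no_user.png" width="54" height="54" style="border: 1px solid #d6d6d6">
	           						<p style="position:absolute; margin:-50px 0 0 70px;">
	           						<strong style="color:#3b5998; font-size: 16px;">'.$prenom.' '.$nomAuteur.'</strong></p>
	           						<p style="position: relative; margin: -20px 0 20px 70px;">'.$texte.'</p>
	           						<div id="commentaire">
									<form  id="formCom" method="post" action="">
										<p id="'.$numberMsg.'" style="margin: 30px 0 -30px 0;" ></p>
										<input type="submit" value="Envoyer" style="visibility: hidden;" >
									</form>
								</div>	
								<div class="footerPost">
									<div class="left">
										<span>0</span>
										<a id="lienComment" href="" onclick="ajouteCommentaire('.$numberMsg.'); return false;" title="Commenter">Commenter</a>
									</div>									
									<div class="right">
										<span>
											<p style="font-size: 11px;">il y a '.tempsPoster($data["date_statut"]).'</p>
										</span>
									</div>
									<br>
								</div>
							</div>';

	            // Highest id sent so far; the client passes it back on its next poll.
	            $d["lastid"] = $data["ID_STATUT"];
	        }
	        $d["erreur"] = "ok";
	    }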
	    
	      
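	 	/************************
		* Action: addMembre
		* Registers a new member and, on success, logs the session in as that member
		********************************/

		if ($_POST["action"] == "addMembre") {
		    // Read each field straight from the request; missing or non-string values become ''.
		    $saisie = array();
		    foreach (array('nom', 'prenom', 'mail', 'mdp', 'mypseudo') as $champ) {
		        $saisie[$champ] = (isset($_POST[$champ]) && is_string($_POST[$champ])) ? $_POST[$champ] : '';
		    }

		    // Start from failure: the session only takes the new pseudo once the row
		    // exists. Assigning it up front let a request adopt any pseudo, including
		    // one that already belongs to another member.
		    $d["erreur"] = "Un problème est survenue";
		    unset($_SESSION["pseudo"]);

		    if ($saisie['mypseudo'] !== '') {
		        // NOTE(review): assumes $bddPdo targets the same database as the legacy
		        // mysql_* link - confirm in connect.php. A UNIQUE index on PSEUDO (and
		        // probably EMAIL_AUT) is still needed to close the check-then-insert race.
		        $dejaPris = $bddPdo->prepare('SELECT COUNT(*) FROM users WHERE PSEUDO = :pseudo');
		        $libre = $dejaPris
		            && $dejaPris->execute(array('pseudo' => $saisie['mypseudo']))
		            && (int) $dejaPris->fetchColumn() === 0;

		        if ($libre) {
		            $ajout = $bddPdo->prepare('INSERT INTO users (NOM, PRENOM, EMAIL_AUT, PASSWD, PSEUDO) VALUES (:nom, :prenom, :mail, :passwd, :pseudo)');
		            $params = array(
		                'nom'    => $saisie['nom'],
		                'prenom' => $saisie['prenom'],
		                'mail'   => $saisie['mail'],
		                // NOTE(review): unsalted md5 is unsuitable for password storage. It is
		                // kept because the password-change action of this script compares md5
		                // digests; migrate both to password_hash()/password_verify() together.
		                'passwd' => md5($saisie['mdp']),
		                'pseudo' => $saisie['mypseudo'],
		            );
		            if ($ajout && $ajout->execute($params)) {
		                $_SESSION["pseudo"] = $saisie['mypseudo'];
		                $d["erreur"] = "ok";
		            }
		        }
		    }
		}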
	  	
	  	
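		/************************
		* Action: addCommentaire
		* Stores a comment from the session user on the given status
		********************************/

		if ($_POST["action"] == "addCommentaire") {
		    $commentaire = (isset($_POST["message"]) && is_string($_POST["message"])) ? $_POST["message"] : '';
		    $nbMessage   = (isset($_POST["nombre"]) && is_string($_POST["nombre"])) ? $_POST["nombre"] : '';

		    // Bound parameters replace the hand-escaped, string-built INSERT. The raw
		    // session pseudo is bound because $pseudo was escaped for string SQL.
		    // NOTE(review): assumes $bddPdo targets the same database as the legacy
		    // mysql_* link - confirm in connect.php.
		    $ajout = $bddPdo->prepare('INSERT INTO commentaire(com, pseudo, date_com, id_statut) VALUES (:com, :pseudo, :date_com, :id_statut)');
		    $params = array(
		        'com'       => $commentaire,
		        'pseudo'    => $_SESSION["pseudo"],
		        'date_com'  => time(),
		        'id_statut' => $nbMessage,
		    );
		    if (!$ajout || !$ajout->execute($params)) {
		        // Stop as before, but without sending the driver error text to the client.
		        die('Erreur SQL');
		    }
		    $d["erreur"] = "ok";
		}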
	  
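		/************************
		* Action: modifParams
		* Updates the session user's profile: adds a skill, training or experience
		* entry, changes the password, or sets a single column of the users row
		********************************/

		if ($_POST["action"] == "modifParams") {
		    $info   = (isset($_POST["info"]) && is_string($_POST["info"])) ? $_POST["info"] : '';
		    $champs = (isset($_POST["champs"]) && is_string($_POST["champs"])) ? $_POST["champs"] : '';
		    $idForm = (isset($_POST["idForm"]) && is_string($_POST["idForm"])) ? $_POST["idForm"] : '';

		    // "a;b;c" carries up to three values; pad so all three indexes always exist.
		    $tab = array_pad(explode(';', $champs), 3, '');
		    // The raw session pseudo is bound; $pseudo was escaped for string SQL.
		    $moi = $_SESSION["pseudo"];

		    // NOTE(review): assumes $bddPdo targets the same database as the legacy
		    // mysql_* link - confirm in connect.php.
		    $insertions = array(
		        'COMP'  => 'INSERT INTO competence(pseudo, nom_comp, sous_desc_comp, desc_comp) VALUES (?, ?, ?, ?)',
		        'FORMA' => 'INSERT INTO formation(pseudo, date_formation, sous_desc_formation, desc_formation) VALUES (?, ?, ?, ?)',
		        'EXP'   => 'INSERT INTO experience(pseudo, date_exp, sous_desc_exp, desc_exp) VALUES (?, ?, ?, ?)',
		    );

		    if (isset($insertions[$info])) {
		        // Best effort, as before: a failed insert is not reported to the client.
		        $ajout = $bddPdo->prepare($insertions[$info]);
		        if ($ajout) {
		            $ajout->execute(array($moi, $tab[0], $tab[1], $tab[2]));
		        }
		    } else if ($info === "PASSWD") {
		        $lecture = $bddPdo->prepare('SELECT PASSWD FROM users WHERE PSEUDO = ?');
		        $actuel = ($lecture && $lecture->execute(array($moi))) ? $lecture->fetchColumn() : false;
		        // Strict comparison: with == two different digests that both look like
		        // "0e<digits>" compare equal as numbers.
		        // NOTE(review): md5 is kept only to stay compatible with the stored
		        // digests; move to password_hash()/password_verify().
		        if (is_string($actuel) && $actuel === md5($tab[0])) {
		            $maj = $bddPdo->prepare('UPDATE users SET PASSWD = ? WHERE PSEUDO = ?');
		            if (!$maj || !$maj->execute(array(md5($tab[1]), $moi))) {
		                die('Erreur SQL');
		            }
		        } else {
		            $d["result"] = "ERROR1";
		        }
		    } else if (preg_match('/^[A-Za-z_][A-Za-z0-9_]*\z/', $idForm) && strcasecmp($idForm, 'PASSWD') !== 0) {
		        // The column name cannot be bound, so it must be a plain identifier.
		        // PASSWD is refused here: this path would bypass the old-password
		        // check above and store an unhashed value.
		        // NOTE(review): replace this pattern with an explicit allow-list of
		        // the columns a member may edit (PSEUDO, for one, probably should not be).
		        $maj = $bddPdo->prepare('UPDATE users SET `' . $idForm . '` = ? WHERE PSEUDO = ?');
		        if (!$maj || !$maj->execute(array($champs, $moi))) {
		            die('Erreur SQL');
		        }
		    } else {
		        // Invalid or forbidden column name: stop, as the failing query did before.
		        die('Erreur SQL');
		    }
		    $d["erreur"] = "ok";
		}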
	  
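	    /************************
	    * Action: getCommentaire
	    * Returns, as an HTML fragment, every comment newer than the client's last id
	    ***********************************/

	    if ($_POST["action"] == "getCommentaire") {
	        // NOTE(review): assumes $bddPdo targets the same database as the legacy
	        // mysql_* link - confirm in connect.php.
	        $lastIdCommentaire = (isset($_POST["lastIdCommentaire"]) && is_numeric($_POST["lastIdCommentaire"]))
	            ? (int) floor((float) $_POST["lastIdCommentaire"])
	            : 0;

	        $recOm = $bddPdo->prepare('SELECT * FROM commentaire WHERE id_com > :dernier ORDER BY date_com ASC');
	        if ($recOm) {
	            $recOm->bindValue(':dernier', $lastIdCommentaire, PDO::PARAM_INT);
	        }
	        if (!$recOm || !$recOm->execute()) {
	            die('Erreur SQL');
	        }
	        // Read the whole result first so the author lookups can run inside the loop.
	        $commentaires = $recOm->fetchAll(PDO::FETCH_ASSOC);

	        // The author's pseudo was originally typed by a user, so it is bound
	        // rather than concatenated into the lookup.
	        $reqQuiCom = $bddPdo->prepare('SELECT * FROM users WHERE pseudo = :pseudo');
	        if (!$reqQuiCom) {
	            die('Erreur SQL');
	        }

	        $echap = ENT_QUOTES | ENT_SUBSTITUTE;
	        $d["result"] = "";
	        foreach ($commentaires as $leCom) {
	            if (!$reqQuiCom->execute(array('pseudo' => $leCom['pseudo']))) {
	                die('Erreur SQL');
	            }
	            $infoCom = $reqQuiCom->fetch(PDO::FETCH_ASSOC);
	            $reqQuiCom->closeCursor();

	            // Names and comment text are user-controlled: escape them for HTML.
	            $prenom = $infoCom ? htmlspecialchars(ucfirst($infoCom["PRENOM"]), $echap, 'UTF-8') : '';
	            $nomAuteur = $infoCom ? htmlspecialchars(ucfirst($infoCom["NOM"]), $echap, 'UTF-8') : '';
	            $texte = htmlspecialchars($leCom["com"], $echap, 'UTF-8');

	            $d["result"] .= '<hr style="margin: -10px -20px 10px -20px;">
						<li style="border: 0px dotted red;list-style:none;">
							<img src="images/no_user.png" width="32" height="32" style="border: 1px solid #d6d6d6">
							<p style="position:absolute; margin:-45px 0 0 45px;">
								<strong style="color:#3b5998; font-size: 13px;">'.$prenom.' '.$nomAuteur.'</strong>
								<span style="position: relative;color:black; margin: -20px 0 20px 10px;">'.$texte.'</span>
								<p style="position: relative; font-size: 9px; color: #444; margin: -25px 0 20px 50px;">Il y a '.tempsPoster($leCom["date_com"]).'</p>
							</p>
						</li>';

	            // Highest id sent so far; the client passes it back on its next poll.
	            $d["lastIdCommentaire"] = $leCom["id_com"];
	        }
	        $d["erreur"] = "ok";
	    }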
	     
	     
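		/************************
		* Action: suppr
		* Deletes a status (default) or a comment (type 1) by id
		************************************/

		if ($_POST["action"] == "suppr") {
		    $d["result"] = "";

		    // type 1 targets a comment, anything else a status.
		    $estCommentaire = isset($_POST["type"]) && $_POST["type"] == 1;
		    $sqlSuppr = $estCommentaire
		        ? 'DELETE FROM commentaire WHERE id_com = :id'
		        : 'DELETE FROM statuts WHERE ID_STATUT = :id';

		    // The id used to be concatenated into the statement unquoted; it is now
		    // accepted only as a run of digits and bound as an integer.
		    // NOTE(review): nothing ties the row to the caller, so any session (the
		    // "visiteur" placeholder included) can delete any post. Adding
		    // "AND pseudo = :pseudo" bound to $_SESSION["pseudo"] would enforce
		    // ownership - confirm the intended policy before enabling it.
		    // NOTE(review): assumes $bddPdo targets the same database as the legacy
		    // mysql_* link - confirm in connect.php.
		    if (isset($_POST["id"]) && is_string($_POST["id"]) && ctype_digit($_POST["id"])) {
		        $suppression = $bddPdo->prepare($sqlSuppr);
		        if ($suppression) {
		            $suppression->bindValue(':id', (int) $_POST["id"], PDO::PARAM_INT);
		            $suppression->execute();
		        }
		    }
		    $d["erreur"] = "ok";
		}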
	    
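	    /************************
	    * Action: deleteInfo
	    * Deletes one skill, experience or training entry by id
	    ************************************/

	    if ($_POST["action"] == "deleteInfo") {
	        $d["result"] = "";

	        // Table and key column are chosen from a fixed map. The table name used
	        // to be taken verbatim from the request, so any table could be named.
	        $clefs = array(
	            'competence' => 'id_comp',
	            'experience' => 'id_exp',
	            'formation'  => 'id_formation',
	        );
	        $nomInfo = (isset($_POST["nomInfo"]) && is_string($_POST["nomInfo"])) ? $_POST["nomInfo"] : '';
	        $idValide = isset($_POST["idInfo"]) && is_string($_POST["idInfo"]) && ctype_digit($_POST["idInfo"]);

	        if (isset($clefs[$nomInfo]) && $idValide) {
	            // NOTE(review): no ownership check - adding "AND pseudo = :pseudo" bound
	            // to $_SESSION["pseudo"] would stop members deleting each other's entries.
	            // NOTE(review): assumes $bddPdo targets the same database as the legacy
	            // mysql_* link - confirm in connect.php.
	            $suppression = $bddPdo->prepare('DELETE FROM ' . $nomInfo . ' WHERE ' . $clefs[$nomInfo] . ' = :id');
	            if ($suppression) {
	                $suppression->bindValue(':id', (int) $_POST["idInfo"], PDO::PARAM_INT);
	                $suppression->execute();
	            }
	            $d["erreur"] = "ok";
	        } else {
	            // Unknown table or non-numeric id: nothing is deleted.
	            $d["erreur"] = "Type d'information inconnu";
	        }
	    }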
	    
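	    /****************************\
	    * Action: create_group       *
	    * Creates a new group owned  *
	    * by the session user        *
	    *****************************/

	    if ($_POST["action"] == "create_group") {
	        $nomGroupe = (isset($_POST["nom"]) && is_string($_POST["nom"])) ? $_POST["nom"] : '';

	        // The group name used to be concatenated into the INSERT unescaped; both
	        // values are now bound. The raw session pseudo is bound because $pseudo
	        // was escaped for string SQL.
	        // NOTE(review): assumes $bddPdo can reach the `2sn` schema like the legacy
	        // mysql_* link - confirm in connect.php.
	        $creation = $bddPdo->prepare('INSERT INTO `2sn`.`groupe` (`NOM_GROUPE`, `pseudo_createur`) VALUES (:nom, :pseudo)');
	        if ($creation && $creation->execute(array('nom' => $nomGroupe, 'pseudo' => $_SESSION["pseudo"]))) {
	            // As before, "erreur" is only set when the insert succeeded.
	            $d["erreur"] = "ok";
	        }
	    }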

	    
	}
	echo json_encode($d);
}
?>